Message-ID: <200209251355.16685.ka@khidr.net>
From: ka at khidr.net (Ka)
Subject: Re: Information Disclosure with Invision Board installation (fwd)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Well, Gossi,
I agree with your standpoint. Some "project leaders"
easily turn into "project defenders" when one takes
a closer look at their project. .o)
So the advice for any server with "Invision Board" installed
is to disable phpinfo() in the php startup file in addition
to setting safe-mode = On and perhaps specifying a special
safe_mode_exec_dir.
- -- see /etc/php.ini --
; This directive allows you to disable certain functions for security reasons.
; It receives a comma-deliminated list of function names. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
disable_functions = phpinfo
- ----------------------
Ka
- --
"It's the perfect time of day
to throw all your cares away" Barenaked Ladies
http://www.khidr.net/users/ka/pgpkey.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9kaQf72vu22ltWBERAmZSAJ9zCkpzTzh0d/XQ7JmRtRU4eIQs9wCffao1
xBEznfgI7TidhIhG8wOJYF8=
=rUAX
-----END PGP SIGNATURE-----